<!--
  This file is a part of the open-eBackup project.
  This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
  If a copy of the MPL was not distributed with this file, You can obtain one at
  http://mozilla.org/MPL/2.0/.
  
  Copyright (c) [2024] Huawei Technologies Co.,Ltd.
  
  THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
  EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
  MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
  -->

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-us" xml:lang="en-us">
 <head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <meta name="DC.Type" content="topic">
  <meta name="DC.Title" content="Built-in User Roles">
  <meta name="product" content="">
  <meta name="DC.Relation" scheme="URI" content="admin-0055.html">
  <meta name="prodname" content="">
  <meta name="version" content="">
  <meta name="brand" content="30-OceanProtect Appliance 1.5.0-1.6.0 Help Center">
  <meta name="DC.Publisher" content="20241029">
  <meta name="prodname" content="csbs">
  <meta name="documenttype" content="usermanual">
  <meta name="DC.Format" content="XHTML">
  <meta name="DC.Identifier" content="admin-0056">
  <meta name="DC.Language" content="en-us">
  <link rel="stylesheet" type="text/css" href="public_sys-resources/commonltr.css">
  <title>Built-in User Roles</title>
 </head>
 <body style="clear:both; padding-left:10px; padding-top:5px; padding-right:5px; padding-bottom:5px">
  <a name="admin-0056"></a><a name="admin-0056"></a>
  <h1 class="topictitle1">Built-in User Roles</h1>
  <div>
   <p class="MsoNormal" id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_en-us_topic_0223232618_p36771798">To prevent misoperations from compromising service system stability and service data security, you can define roles to control users' operation permissions. Before performing the operations described in this document, ensure that your current account has the required operation permissions.</p>
   <div class="section" id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_en-us_topic_0223232618_section62510731">
    <h4 class="sectiontitle">Definition of User Roles</h4>
    <p id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_en-us_topic_0223232618_p178819511347"><strong id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_en-us_topic_0223232618_b12586267">Role</strong>: defines the objects that a user is allowed to operate on.</p>
    <p id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_en-us_topic_0223232618_p12854735">Built-in roles are preset in the system with specific permissions. <a href="#admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_en-us_topic_0223232618_table2389521">Table 1</a> lists the permissions that built-in roles have.</p>
    <div class="tablenoborder">
     <a name="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_en-us_topic_0223232618_table2389521"></a><a name="en-us_topic_0000002013967929_en-us_topic_0000001792345766_en-us_topic_0223232618_table2389521"></a>
     <table cellpadding="4" cellspacing="0" summary="" id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_en-us_topic_0223232618_table2389521" frame="border" border="1" rules="all">
      <caption>
       <b>Table 1 </b>Built-in roles
      </caption>
      <colgroup>
       <col style="width:14.219999999999999%">
       <col style="width:45.739999999999995%">
       <col style="width:40.04%">
      </colgroup>
      <thead align="left">
       <tr id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_en-us_topic_0223232618_row55630747">
        <th align="left" class="cellrowborder" valign="top" width="14.220000000000002%" id="mcps1.3.2.4.2.4.1.1"><p id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_en-us_topic_0223232618_p9796655">Preset Role</p></th>
        <th align="left" class="cellrowborder" valign="top" width="45.74%" id="mcps1.3.2.4.2.4.1.2"><p id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_en-us_topic_0223232618_p52676258">Built-in Role Permission Description</p></th>
        <th align="left" class="cellrowborder" valign="top" width="40.040000000000006%" id="mcps1.3.2.4.2.4.1.3"><p id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_p62933297125">Built-in System User</p></th>
       </tr>
      </thead>
      <tbody>
       <tr id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_en-us_topic_0223232618_row38918480">
        <td class="cellrowborder" valign="top" width="14.220000000000002%" headers="mcps1.3.2.4.2.4.1.1 "><p id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_en-us_topic_0223232618_p65389142">System Administrator</p></td>
        <td class="cellrowborder" valign="top" width="45.74%" headers="mcps1.3.2.4.2.4.1.2 "><p id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_en-us_topic_0223232618_p58305164">Users with this role have all permissions on the system.</p>
         <div class="note" id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_note154143357435">
          <span class="notetitle"> NOTE: </span>
          <div class="notebody">
            <p id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_p241412350436">After creating a system administrator, set the sender email address and the password retrieval email address.</p>
          </div>
         </div></td>
        <td class="cellrowborder" valign="top" width="40.040000000000006%" headers="mcps1.3.2.4.2.4.1.3 ">
         <ul id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_ul1213835153913">
           <li id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_li31381553399">sysadmin: a built-in system administrator who can log in to the GUI and invoke REST APIs.<p id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_p51312816396"><a name="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_li31381553399"></a><a name="en-us_topic_0000002013967929_en-us_topic_0000001792345766_li31381553399"></a>For the default password, see the <i><cite id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_cite297b7c866f224f7283702aadd1f879bc141138">Account List</cite></i>. Because this password is a documented default and the account holds all permissions on the system, change it after the first login.</p></li>
          <li id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_li213855113914">cluster_admin: a machine-machine account of the built-in system administrator. This account cannot be used to log in to the GUI and can only invoke REST APIs.<p id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_p128420121398"><a name="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_li213855113914"></a><a name="en-us_topic_0000002013967929_en-us_topic_0000001792345766_li213855113914"></a>The password is randomly generated during system initialization. You can reset the password on the <span id="admin-0056__en-us_topic_0000002013967929_text7962616111216">product</span>.</p></li>
         </ul></td>
       </tr>
       <tr id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_en-us_topic_0223232618_row1342792">
        <td class="cellrowborder" valign="top" width="14.220000000000002%" headers="mcps1.3.2.4.2.4.1.1 "><p id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_en-us_topic_0223232618_p41657359">Data Protection Administrator</p></td>
        <td class="cellrowborder" valign="top" width="45.74%" headers="mcps1.3.2.4.2.4.1.2 "><p id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_en-us_topic_0223232618_p81934512385">Users with this role have data protection permissions, such as backup and restoration.</p>
         <div class="note" id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_note8558181613308">
          <span class="notetitle"> NOTE: </span>
          <div class="notebody">
           <ul id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_ul85711647164413">
            <li id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_li10571547114415">Data protection administrators can only view the permissions of this role and change their own passwords. They cannot view or change the passwords of other users.</li>
             <li id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_li185711447154413">Data protection administrators do not have permissions to create or delete multi-cluster members, add or delete HAs, or view node details.</li>
            <li id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_li35712476449">Data protection administrators do not have permissions to view information of <span class="uicontrol" id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_uicontrol777116358818"><b>Security Policies</b></span>, <span class="uicontrol" id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_uicontrol5612173918819"><b>Certificates</b></span>, and <span class="uicontrol" id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_uicontrol1361114428814"><b>Data Security</b></span>.</li>
            <li id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_li75711447134419">SAML data protection administrators cannot view the information of <span class="uicontrol" id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_uicontrol11531166310"><b>System Capacity</b></span>, <span class="uicontrol" id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_uicontrol171531016830"><b>Data Reduction</b></span>, and <span class="uicontrol" id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_uicontrol1153141611316"><b>Performance</b></span>.</li>
           </ul>
          </div>
         </div></td>
        <td class="cellrowborder" valign="top" width="40.040000000000006%" headers="mcps1.3.2.4.2.4.1.3 "><p id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_p7223227527">mmdp_admin: a machine-machine account of the built-in data protection administrator. This account cannot log in to the GUI and can only invoke REST APIs.</p> <p id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_p5570193515563">The password is randomly generated during system initialization. You can reset the password on the <span id="admin-0056__en-us_topic_0000002013967929_text7344145121313">product</span>.</p></td>
       </tr>
       <tr id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_row16317111414011">
        <td class="cellrowborder" valign="top" width="14.220000000000002%" headers="mcps1.3.2.4.2.4.1.1 "><p id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_p1563434519375">Auditor</p></td>
         <td class="cellrowborder" valign="top" width="45.74%" headers="mcps1.3.2.4.2.4.1.2 "><p id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_p1631831415011">Users with this role have read-only permission to audit the system.</p></td>
        <td class="cellrowborder" valign="top" width="40.040000000000006%" headers="mcps1.3.2.4.2.4.1.3 "><p id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_p153831475210">mm_audit: a machine-machine account of the built-in auditor. This account cannot log in to the GUI and can only invoke REST APIs.</p> <p id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_p4541144235611">The password is randomly generated during system initialization. You can reset the password on the <span id="admin-0056__en-us_topic_0000002013967929_text17125153981314">product</span>.</p></td>
       </tr>
       <tr id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_en-us_topic_0223232618_row1064183514187">
        <td class="cellrowborder" valign="top" width="14.220000000000002%" headers="mcps1.3.2.4.2.4.1.1 "><p id="admin-0056__en-us_topic_0000002013967929_p11521130913">Remote Device Administrator</p></td>
         <td class="cellrowborder" valign="top" width="45.74%" headers="mcps1.3.2.4.2.4.1.2 "><p id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_p39408291005">Users with this role are used for authentication and authorization between the source and target clusters during copy replication.</p></td>
        <td class="cellrowborder" valign="top" width="40.040000000000006%" headers="mcps1.3.2.4.2.4.1.3 "><p id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_p112931929121213">-</p></td>
       </tr>
       <tr id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_row571913175515">
        <td class="cellrowborder" valign="top" width="14.220000000000002%" headers="mcps1.3.2.4.2.4.1.1 "><p id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_p27197125518">Disaster Recovery Administrator</p></td>
        <td class="cellrowborder" valign="top" width="45.74%" headers="mcps1.3.2.4.2.4.1.2 "><p id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_p117198119553">Users with this role have the permission to query cluster and capacity information and perform operations on SAML users, such as adding, deleting, modifying, and querying SAML users, and managing quotas and functions.</p></td>
        <td class="cellrowborder" valign="top" width="40.040000000000006%" headers="mcps1.3.2.4.2.4.1.3 "><p id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_p20719114558">-</p></td>
       </tr>
       <tr id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_row317995717515">
        <td class="cellrowborder" valign="top" width="14.220000000000002%" headers="mcps1.3.2.4.2.4.1.1 "><p id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_p1117913573514">Device administrator</p></td>
         <td class="cellrowborder" valign="top" width="45.74%" headers="mcps1.3.2.4.2.4.1.2 "><p id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_p7530209175219">This role is used for internal O&amp;M, including upgrade of the <span id="admin-0056__en-us_topic_0000002013967929_text2558165015138">product</span>, and cannot be configured on the GUI. For example, this role can be used to upgrade the <span id="admin-0056__en-us_topic_0000002013967929_text18877195616139">product</span> through SmartKit.</p></td>
         <td class="cellrowborder" valign="top" width="40.040000000000006%" headers="mcps1.3.2.4.2.4.1.3 "><p id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_p37173210527">admin: a built-in device administrator who can log in to the device management GUI and invoke some REST APIs. The password must be initialized upon the first login. For details about how to change the password, see the <i><cite id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_cite9651158156">Account List</cite></i>.</p></td>
       </tr>
      </tbody>
     </table>
    </div>
   </div>
   <div class="section" id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_en-us_topic_0223232618_section25725667">
    <h4 class="sectiontitle">Querying Permissions of the Current Login User</h4>
    <p class="MsoNormal" id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_en-us_topic_0223232618_p53986228">After logging in to the system, perform the following steps to view the operation permissions and scope of your current account.</p>
    <p id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_p2060714435815">Procedure</p>
    <ol id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_en-us_topic_0223232618_ol10808352">
     <li id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_en-us_topic_0223232618_li3061316">Choose <span class="uicontrol" id="admin-0056__en-us_topic_0000002013967929_uicontrol1760913451583"><b>System &gt; Security &gt; RBAC &gt; Users</b></span>.</li>
     <li id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_en-us_topic_0223232371_li42268317">(Optional) Click <span><img id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_en-us_topic_0223232371_image193269489536" src="en-us_image_0000002014093733.png"></span> next to <span class="uicontrol" id="admin-0056__en-us_topic_0000002013967929_uicontrol5301830134213"><b>Name</b></span> to search for a user.</li>
     <li id="admin-0056__en-us_topic_0000002013967929_en-us_topic_0000001792345766_en-us_topic_0223232618_li17107479">In the user list, click a username to go to the user details page. In the <span class="uicontrol" id="admin-0056__en-us_topic_0000002013967929_uicontrol1493115541818"><b>Associated Roles and Resources &gt; Role</b></span> area, expand <span class="uicontrol" id="admin-0056__en-us_topic_0000002013967929_uicontrol149315557186"><b>Name</b></span> to view the operation permissions of the current user.
      <div class="note" id="admin-0056__en-us_topic_0000002013967929_note126511983310">
       <img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span>
       <div class="notebody">
        <p id="admin-0056__en-us_topic_0000002013967929_p1765151913337">If you log in as a system administrator, you can view information about all users of the current device.</p>
       </div>
      </div></li>
    </ol>
   </div>
  </div>
  <div>
   <div class="familylinks">
    <div class="parentlink">
     <strong>Parent topic:</strong> <a href="admin-0055.html">Managing RBAC (Applicable to 1.6.0 and Later Versions)</a>
    </div>
   </div>
  </div>
 </body>
</html>